Skip to main content
在 Manus 中运行任何 Skill
一键导入

information-disclosure

星标2
分支1
更新时间2026年7月9日 12:42

SAST detection methodology for information disclosure (CWE-200), including verbose errors/stack traces (CWE-209), debug mode (Flask/Werkzeug console, Django DEBUG=True, Rails detailed errors, ASP.NET custom errors off), exposed .git/.svn/.env/backup/swap/.DS_Store files, source-map (.map) exposure, directory listing (CWE-548), framework actuator/diagnostic endpoints (Spring Boot /actuator/heapdump, /env, phpinfo), sensitive data in responses/JS bundles/HTML comments (CWE-540), and XSSI/JSONP data leakage. Use when reviewing error handling, debug config, deployed artifacts, and response bodies. Writes confirmed findings to findings/40-information-disclosure.md.

安装

用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。

SKILL.md
readonly